| عنوان | PLANET ICG-2510 1.0_20250811 Stack-based Buffer Overflow |
|---|
| الوصف | The PLANET ICG-2510W-LTE product is affected by a Buffer Overflow vulnerability. This flaw originates from the sub_40C8E4 function within the /usr/sbin/httpd component. When processing language package configurations, the function fails to validate the length of the language configuration value retrieved from NVRAM before using sprintf to format it into a heap-allocated buffer of only 60 bytes (allocated via malloc(60)).If an attacker can modify the language field in the NVRAM to an excessively long string (e.g., more than 48 characters), it will trigger a buffer overflow while the web server is running. This results in a crash of the web management interface (Denial of Service) and may potentially allow for Remote Code Execution (RCE) by corrupting the heap memory layout. |
|---|
| المصدر | ⚠️ https://github.com/glkfc/IoT-Vulnerability/blob/main/PLANET/ICG-2510/vulnerability_report1.md |
|---|
| المستخدم | jfkk (UID 79868) |
|---|
| ارسال | 23/02/2026 04:08 AM (2 أشهر منذ) |
|---|
| الاعتدال | 07/03/2026 09:42 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 349643 [Planet ICG-2510 1.0_20250811 Language Package Configuration /usr/sbin/httpd sub_40C8E4 اللغة تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|